For the last few days a server has been getting too many SYN_RECV attacks.
I tried to stop it with APF antidos and mod_evasive.
It stopped the attack. But today it started again, maybe with more strength; there were more than 1500 SYN_RECV requests, and Apache stopped working.
Today I banned a few attacker IPs with APF firewall.
netstat will show the number of connections each IP has. Banning IPs with too many SYN_RECV connections will help if the attack is not spoofed.
# netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}' | sort | uniq -c | sort -nr
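The netstat one-liner above splits the foreign address at the first colon, so IPv6 and IPv4-mapped (::ffff:a.b.c.d) peers come out empty. The script below is an added example, not part of the original post: it strips only the trailing port, folds IPv4-mapped addresses into plain IPv4, and lists sources at or above a threshold. The function names, the thresholds and the sample lines (documentation-range addresses) are constructed for illustration.

```shell
#!/bin/sh
# Count half-open (SYN_RECV) connections per remote address.
# Reads `netstat -n` output on stdin; $1 = minimum count to report
# (default 20 is an assumed threshold, tune it for your traffic).
syn_recv_by_ip() {
    awk -v min="${1:-20}" '
        $6 == "SYN_RECV" {
            addr = $5
            sub(/:[0-9]+$/, "", addr)   # drop only the trailing :port
            sub(/^::ffff:/, "", addr)   # IPv4-mapped IPv6 -> plain IPv4
            count[addr]++
        }
        END {
            for (a in count)
                if (count[a] >= min) print count[a], a
        }
    ' | sort -k1,1nr -k2,2
}

# Constructed sample of `netstat -n -p` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:80           198.51.100.7:51000      SYN_RECV    -
tcp        0      0 192.0.2.10:80           198.51.100.7:51001      SYN_RECV    -
tcp6       0      0 ::ffff:192.0.2.10:80    ::ffff:198.51.100.7:51002 SYN_RECV  -
tcp        0      0 192.0.2.10:80           203.0.113.9:40000       SYN_RECV    -
tcp        0      0 192.0.2.10:80           203.0.113.9:40001       ESTABLISHED 1234/httpd
tcp6       0      0 2001:db8::1:80          2001:db8::5:44321       SYN_RECV    -
tcp6       0      0 2001:db8::1:80          2001:db8::5:44322       SYN_RECV    -
EOF
}

# Demo on the sample; on a live server use: netstat -n | syn_recv_by_ip 20
sample_netstat | syn_recv_by_ip 2
```

If the output is a long list of sources with one or two entries each, the source addresses are probably spoofed and per-IP bans will not help.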
To block an IP with APF Firewall, use
# apf -d IPADDRESS
With CSF, use
# csf -d IPADDRESS